b2c-slas-auth-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (DATA_EXFILTRATION)
Full Analysis
- DATA_EXFILTRATION (HIGH): In SESSION-BRIDGE.md, the 'Option A: URL Parameters' code snippet demonstrates passing sensitive session tokens (dwsgst and dwsrst) via URL query parameters. This practice exposes active session tokens in browser history, server access logs, and HTTP Referer headers, facilitating session hijacking.
- DATA_EXFILTRATION (MEDIUM): The TOKEN-LIFECYCLE.md file includes an implementation option for storing authentication tokens in localStorage. Unlike httpOnly cookies, localStorage is accessible to any script on the origin, making tokens vulnerable to theft via Cross-Site Scripting (XSS) attacks.
- COMMAND_EXECUTION (SAFE): No malicious shell commands or subprocess execution patterns were detected in the provided reference scripts.
- CREDENTIALS_UNSAFE (SAFE): While authentication logic is present, no real credentials or API keys are hardcoded; the files use appropriate placeholders.
Recommendations
- AI detected serious security threats